Holding company reveals that not all agencies have been hit and that they are working with law enforcement
Sir Martin Sorrell has called upon WPP’s ‘highly creative, ingenious and dedicated people’ to help minimise disruption to client business following a ransomware attack yesterday. He also reassured staff in a memo that ‘WPP and its companies are still very much open for business’. Moreover, at this point no client data appears to have been compromised.
The growing menace of cybercrime hit the ad industry’s biggest holding company on Tuesday. On Tuesday, employees at several WPP agencies found themselves locked out of their computers and greeted with a ransom note calling for $300-worth of bitcoin to decrypt and release their files.
On Wednesday morning, WPP released a statement confirming that the attack had taken place and that it had hit an unspecified number of companies within the group (though not all had been affected).
The WPP website is now live, following reports that it was down yesterday.
The ‘Petya’ attack is thought to have originated in Ukraine. Other organisations affected include the departments in the Ukraine government, Kiev airport, a Spanish law firm, Mondelez, a Russian oil company. A similar attack – the so-called ‘WannaCry’ attack – hit 99 countries in May, and locked down IT systems in the UK’s NHS, leading to hospital closures. While this is the biggest cyber attack to hit the ad industry, cyber security is likely to be a growing concern for all advertising agencies and holding companies.
Sir Martin Sorrell’s memo to staff:
“As you will know, organisations around the world have been hit by a cyber attack. A number of WPP companies – though not all – have been affected.
“We are working with our IT partners and law enforcement agencies to assess the situation, take all precautionary steps and return to normal operations as soon as we can. At this time, we have no indication that either employee or client data has been compromised. As you would expect, our companies and teams are in contact with clients on an ongoing basis.
“Many of you will have experienced significant disruption to your work. However, contrary to some press reports, WPP and its companies are still very much open for business.
“We are a group packed full of highly creative, ingenious and dedicated people. I urge you all to put those qualities to use in making sure that what our clients experience in the hours and days ahead is as close to business as usual as we can possibly manage.
“The IT teams in all our companies affected, coordinated by the Group IT function, are working hard to balance the need to protect our systems and the need to bring them back online in a timely fashion. The approach and solution will vary from company to company. It is crucial that you give them your full cooperation and support, and follow their instructions.
WPP’s full statement reads as follows:
“On Tuesday 27 June a number of WPP companies – though not all – were affected by the ransomware attack that hit organisations around the world.
“We are working with our IT partners and law enforcement agencies to take all appropriate precautionary measures, restore services where they have been disrupted, and keep the impact on clients, partners and our people to a minimum. Having taken steps to contain the attack, the priority now is to return to normal operations as soon as possible while protecting our systems.
“Our operations have not been uniformly affected, and issues are being addressed on a company-by-company basis. Many of our businesses are experiencing no or minimal disruption.
“We will provide further updates as the situation develops.”